I have Windows 11 installed on an NVMe SSD, installed in an SSD enclosure, as a Windows To Go live image. I did this with Rufus. I typically use it on my work laptop (Windows 10 Ent with BitLocker & TPM) so I can be a cheapskate and not have to buy my own laptop, but I can have my own, isolated, Windows installation.
It works very well - I use my work laptop as usual during work hours, then in the evenings and weekends I can live boot into my own Windows 11 instance. What is strange though is how BitLocker seems to be configured on the live instance.
I have never asked for BitLocker protection on the live instance, and I am never asked for a PIN when booting. However if I go to the BitLocker settings screen within Windows, it shows as a BitLocker protected volume, with all the options which would normally be available on a protected volume (suspend, print recovery key etc).
The key protectors in use are TPM
and Numerical Password
.
If I connect the drive when booted into the installed Windows 10 instance, it shows as a BitLocker protected volume. I can access it, but only with the recovery key - it never asks me for a PIN.
I should note that this isn't causing me any issues, and the question is simply out of curiosity of how BitLocker is being handled on this volume.